Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2025-25430

    Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the configname parameter on the /cbi_addcert.htm page.... Read more

    Affected Products : tew-929dru_firmware tew-929dru
    • Published: Feb. 28, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.6

    HIGH
    CVE-2024-13726

    The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection... Read more

    Affected Products : themes_coder
    • Published: Feb. 17, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2024-37607

    A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request.... Read more

    Affected Products : dap-2555_firmware dap-2555
    • Published: Dec. 17, 2024
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2024-37606

    A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.... Read more

    • Published: Dec. 17, 2024
    • Modified: May. 21, 2025

  • 7.3

    HIGH
    CVE-2024-42093

    In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause po... Read more

    Affected Products : linux_kernel
    • Published: Jul. 29, 2024
    • Modified: May. 21, 2025

  • 7.0

    HIGH
    CVE-2024-41057

    In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following issue in our fault injection stress test: =====================================================... Read more

    Affected Products : linux_kernel
    • Published: Jul. 29, 2024
    • Modified: May. 21, 2025

  • 6.0

    MEDIUM
    CVE-2024-56662

    In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Fix an issue detected by syzbot with KASAN: BUG: KASAN: vmalloc-out-of-bounds in cmd_to_func drivers/acpi/nfit/ core.c:416 [inli... Read more

    Affected Products : linux_kernel
    • Published: Dec. 27, 2024
    • Modified: May. 21, 2025

  • 7.1

    HIGH
    CVE-2024-50705

    Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter.... Read more

    Affected Products : tripleplay
    • Published: Mar. 04, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-1955

    A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Scheduling/scheduling/pages/profile.php. The manipulation of the ar... Read more

    • Published: Mar. 04, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-48246

    Vehicle Management System 1.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the "Name" parameter of /vehicle-management/booking.php.... Read more

    • Published: Mar. 05, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-37605

    A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.... Read more

    Affected Products : dir-860l_firmware dir-860l
    • Published: Dec. 17, 2024
    • Modified: May. 21, 2025

  • 6.1

    MEDIUM
    CVE-2024-13868

    The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against hig... Read more

    • Published: Mar. 06, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-36831

    A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication.... Read more

    Affected Products : dap-1520_firmware dap-1520
    • Published: Dec. 17, 2024
    • Modified: May. 21, 2025

  • 7.6

    HIGH
    CVE-2025-0624

    A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails... Read more

    • Published: Feb. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2022-40942

    Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time.... Read more

    Affected Products : tx3_firmware tx3
    • EPSS Score: %10.84
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-40929

    XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts on behalf of users).... Read more

    Affected Products : xxl-job
    • EPSS Score: %0.19
    • Published: Sep. 28, 2022
    • Modified: May. 21, 2025

  • 8.8

    HIGH
    CVE-2022-40878

    In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE).... Read more

    Affected Products : exam_reviewer_management_system
    • EPSS Score: %19.56
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 9.8

    CRITICAL
    CVE-2022-40877

    Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.... Read more

    Affected Products : exam_reviewer_management_system
    • EPSS Score: %0.08
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 4.3

    MEDIUM
    CVE-2022-40817

    Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags. and related answers. This issu... Read more

    Affected Products : zammad
    • EPSS Score: %0.14
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025

  • 6.5

    MEDIUM
    CVE-2022-40816

    Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connecti... Read more

    Affected Products : zammad
    • EPSS Score: %0.17
    • Published: Sep. 27, 2022
    • Modified: May. 21, 2025
Showing 20 of 292749 Results